#futurerestore-help
yes
Although i did have an idea for your gui @lilac wren
thanks i feel it's better wait for more time
I just downloaded the blobs for iOS 14.4 and 14.5, is that all I need to do to be able to upgrade later?
If it's not there, you can implement a wget function to download the ipsws based on the users selection for device type in a drop-down menu
Without having them go to ipsw.me
Then it would automatically extract the IPSW to get the files needed etc.. Or use pzip
Just a thought..

idk how u would get wget on windows
but everything is possible
wait
is wget already in windows
Hello
its 6pm
hi tanbeer!!
hey
oh lol
Ok, I'm done
wha-
nono it's a cool thought
I'll implement it just for you <3
so what have i missed

not much
It's the last time i do anything anymore
JTV, what's the purpose in downloading the IPSW though
like if --latest exists why get the iPSW through a program when it's easier to use a nice looking website
Don't you need the build manifest?
how can i get around APTicket-APNonce mismatch error
not if you do --latest
set your generator correctly
build manifest is auto grabbed when using latest
^
But sometimes --latest isn't selected
if you look at the logs more closely you can see when it does it
in that case a BuildManifest does need to be specified
well if you don't use --latest, then you need the ipsw for sep and bb and buildmanifest
there is no reason not to use latest tho
Idk if you guys know anything abt how macOS handles disc space but once I upload say 30 gigs of files to iCloud Drive, will that immediately become accessible space?
downloading it through the gui would be kind of redundant, jailbreak telegram bot can already tell you what files you need
any1 please
Use dimentio
@lilac wren for now yeah it is useless, but if latest breaks again for windows or smth then it would def be useful
No, after it uploads Mac will delete the files from your device whenever it wants I think
i saved via tss server im on ipad pro 4th gen cellular 14.0.1
okay so --update worked great with FR GUI on iphone 7 plus. gonna try now on ipad pro 10.5 with --update!
ooh now this is useful, should also be easy to implement
link?
[[dimentio]]
Dunno why they have to have odd names
is there harm in using latest baseband for ipad 10.5 wifi? or is it necessary to use NO baseband?
I think it's necessary to use no baseband
^
ah ok, so need to be jailbroken to use
Usually you specify latest baseband, but then add no baseband at the end
Or fr will freak out
Tis what had to be done on Apple tv
if it still happens after clearing files reboot and clear temp folders
I wouldn't use the guis for that
its probably cached
Do that part manually
That space just ended up marked as other :/
guis have an option for no baseband
its exactly the same as using terminal for it
because all it does is change args
Off topic
you can try
Theres a fix in #common-issues
Mb
I think they're talking about Mac not iOS
What ipa
Ah
Little do people know, if you put the ipsw on a flash drive and point FR to that...
Still need at least 10 gigs on main drive
why does futurerestore freeze at "Odysseus for 64-bit support: yes"
No you don't
For what?
Since it extracts to temp dir
The ipsw is extracted on the flash
No
I would do that but my flash drive is also filled with gigs and gigs of videos just like my main drive
If they set extraction in tmp then that's just plain dumb
Well it is
Eats up your hard drive
Flush your porn
I wish it was porn but it’s much more boring than that
It’s hours and hours of math lecture zoom recordings that I’m procrastinating on watching 😭
sudo killall -9 usbmuxd && sudo usbmuxd fixed it
except it won't recognize it in recovery
ive set as 0x111111111111 but still get error to update to 14.3 from 14.0.1
Why not stop procrastinating and watch?
Hi
Can anyone confirm if I can futurerestore from 13.5 to 14.2 Iphone XS Max ?
Yes
Will it force me to update to 14.4 if it doesn’t work?
Yea
Cuz this class gives me anxiety
It’s calc and I hate calc
Why it make me regret? Is it the battery drain issue?
I’m honestly tired of 13.5
Me too :/
No, just overall terrible tweak support, instability in jailbreaks
True but I stopped heavily using tweaks on 13.5 anyway
That's fine, but there is the oddball random bootloop
Yeah it still unstable but it will be stable by time and future updates
I saw some people in Reddit they successfully FR to 14.2 is it work for only some people?
Oh looks like it was still uploading
I would try it but it might force me to update to the latest ios right?
I’m so glad I have gig
Waiting for this to upload would’ve been hell otherwise
Yes
no
it won’t
Oh?
if you fail you’ll fail early
So it’s safe to try if it works or not?
you can just exit recovery
as long as you dont mess up anything else
you can try
Oh true
Ok then I will try it tomorrow
Thanks a lot
Lot of misinfo going around
if you follow all the steps properly you should be fine
unplug the device during the restore
manually specify the wrong baseband
have a hebrew username on windows
LMAO
if (username.isHebrew()) {
    iBoot.wipe();
}
No
no
I used it just a minute ago

reddit that is
its down for me
reddit isnt down and i cant speak hebrew
im like semi fluent in arabic tho
and im not middle eastern no
@zealous bridge what languages can u speak/read
@green onyx
wait what
oops
lol
nice
"Done: restoring succeeded!" on ipad 10.5 wifi, FR GUI using --update and --no-baseband
fluent in english bengali, nearly fluent in arabic and german
pog
lol futurerestore said failed to enter restore mode and kicked me back into normal mode
lol
well done!
not frgui
is ipwndfu working? kinda wanna restore a 14 device to 13 and test out baseband functionality
lol reddit IS down
@zealous bridge works fine
lol

@zealous bridge you just need to fix liboffsetfinder64 so need to compile everything from source, also fw keys proxy is needed(libipatcher repo python script wikiproxy.py)
just found out that my APNonce had changed from when i saved my blobs on 14.3.. just read the device and it now showing a different APNonce
cool, can i do this on ubuntu?
well if your generator wasn't set when you saved blobs, apnonce will change @astral oak
@zealous bridge ubuntu and mac should both work yep
use my compile script
actually dont
use lukes for nonstatic
cuz u want dynamic liboffsetfinder64
to modify it
if its broken
im on windows
set generator
is it those mach-o errors?
no it can't
@astral oak upload ur blob to https://verify.shsh.host
and screenshot it here
the ap nonce does change when you update
except for 1 guy lol
but if you just set the generator back then you'll get the same ap nonce as before
yes
sm guy kept his apnonce
Bruh I just found out that iCloud Drive doesn’t work the way I thought it did
lmao
who?
alright
ooh lesson yay
patience
^
yes but not really, a generator can change without the nonce changing

@astral oak what device is this
and when did u save the blob
i think he used blobsaver
you'll get the same ap nonce when you just set generator back
iPad Pro 4th gen Cellular
not true, the apnonce is the hash of the generator, meaning if the generator changes the apnonce will also change
its a A12Z
did u ever jailbreak the ipad
I don't think so, pretty sure a nonce is only created when you go to recovery or request an update right?
so there is the nvram(non-volatile ram) meaning it stays after reboots. The only time it is changed is with updates or restores.
there is an nvram for setting the generator called com.apple.System.boot-nonce
apple uses it to keep the same apnonce during ota updates, because they need to reboot for it to work, if they don't set the boot-nonce generator, their tss request will be invalid, they can't depend on internet in restoremode to request a new tss.
so we stole an apple feature boot-nonce to set our own generator to reuse our tss requests(shsh blobs) 🙂
no, the apnonce always exists
Omygod i'm so tired, everytime get ERROR: Unable to set iBEC. 194 + gui win 10, faq doesn't help
not sure b4 i think just b4 it got unsigned
ur doing it wrong
the generator is cleared every time an update or restore happens
do up to step 7
meaning the nonce changes
did u ever jailbreak the ipad
yes or no
libinsn required
and did u use blobsaver
guessing i need to compile that too
the apnonce is the hash of the 16 digit hex generator
yes its on unc0ver now but on 14.0.1 fw, im trying to upgrade it to 14.3
except on a12-a14
so if one changes it means the other has changed too
yeah but the nonce only changes if it's requested right? I don't think the phone just checks every second if the generator has changed
answer the other questions
did u save it with blob saver
and when u saved it
were u jailbroken
generator can change thru multiple reboots too
yes or no for each question
or if it enters recovery mode
Well I need also to set nonce manually everytime after reboot?
@valid adder am i just getting liboffsetfinder from tihmstars repo then?
yes used blobsaver on 27th jan.. wasnt jailbroken until jailbreak came out for iOS 14 other week
then no
ur blobs are useless

86 | retcustomerror(out_of_range,"memstr failed to find "%s"",little);
what does that mean
is libinsn broken or something
just comp futurerestore without libipatcher support
need to use odysseus
but generator can change, ap nonce hasn't been hashed yet
omg finally a step forward after redownload the ipsw. the other was dmg i think
@zealous bridge luke's compile script as a reference, you will just need some fixes if it doesn't work
Can I give a try to restoring to 14.2 A11?
if the generator changes, the apnonce will change too. immediately.
i have blob from tss with same APNonce as on device for 14.4 fw
but unc0ver only goes up to 14.3
any blob u saved without being jailbroken wont work
just stay on 14.0.1
from what ios version?
ok, ive reupped my device to tss now whilst jailbroke
you can only save blobs unjailbroken on a7-a11, a12-a14 need a jailbreak for blobs to be saved @astral oak
13.5.1
yes
yes i have now 14.4 and 14.4.1 on tss on with the right APNonce
suppose i just have to stay on 14.0.1 for now
any suggestions? :/
full log
I GOT THAT SAME FKIN ERROR
irestore?
yes
full log
^
@silent hollow are u using irestore?
thanks for all your help guys 😉
does not matter
ive seen it before both of you but it was weeks ago @zealous bridge
@green onyx nope
it might just be a corrupted IPSW
that was a pita
ichitaso had that issue and it gave a similar error
i restored with the same ipsw like 5 times
no way it was corrupt
this happened while i was testing both guis
it was my 3rd test out of five i did that day
all with the same ipsw and blobs
well can't be fixed without a log anyway sadly
because there is no error in that message
where is the log stored?
just copy paste it
copy the entire thing
it was fine
save to pastebin
The device bootloaders (baseband, firmware, and SEP) generate a random number at the restore, then send them to iTunes which sends them to Apple...The number within the certificate is matched to the number generated on device
This is what iPhone wiki says
at restore
I'm soo stupid
open the link
they all have separate nonces
and follow instructions
yes, generated at restore
sep has its own nonce
do this 3 times, no green screen
yep
can also be generated during an update
@lilac wren u gotta change it to do steps 1 to 7
or during recovery mode or multiple reboots
just because its not there
dont mean it doesnt happen
im deleting ur messages until u listen to us
for me the generator changes every reboot
yeah so it doesn't change the ap nonce immediately, only at restore?
without fail
updating and restoring go through similar processes
if the generator is set it should not change from a reboot, unless you JB with unc0ver which sets a new random generator for some reason
it has a stage where it "verifies the restore / update"
so it is possible to have a generator set with a different ap nonce
but not when trying to restore
or in recovery mode
or updating
I exited recovery after a failed restore and the apnonce stayed the same (was using checkra1n)
a generator is tied to ONE apnonce and ONE apnonce alone
if you know how hashes work
its similar
whos msg
on A12+, apnonce = hash(some unique device ID + generator)
the exact algorithm is unknown but that's the idea
@green onyx rapid
ah
i'll try and explain better: if you set your generator to 0x1111, enter recovery, boom you have ap nonce 5a5a5a. if you jailbreak and set generator to 0x2222, your ap nonce is still 5a5a5a though right? says it's only generated at restore. that's what im trying to say
on A11 and lower, it's just hash(generator)
yes
ur apnonce is tied to ur generator
no
as soon as you enter the generator
the apnonce will change
you can see this clearly in dimentio
the entangled_nonce part will change every time you enter a new generator
even if its in normal mode
doesn't dimentio just calculate your nonce? or is it actually telling the device "hey, you're going to update!! generate an ap nonce now pls"
now how would it calculate the nonce
@celest basalt a12 nonce is:
apnonce = shasum384(0x1111111111111111);
apnonce = substring(apnonce, 64);
nonce_entangle(apnonce);
it is requesting it from the device
its sha384 shortened to 64 chars @celest basalt
its doing this
ah, and the entangle is the magic unknown hash right @valid adder ?
so it's hashing it? or letting the device hash it and only reading it?
the device will hash it
@lilac wren apnonce has always been the hash of the generator
dimentio doesnt hash anything
its only entangled starting in a12
asking about dimentio or other on device ap nonce 'readers' specifically
if dimentio was just able to calculate apnonce itself then nonce entangle wouldn't be a problem when saving blobs, that would be too easy
exactly
although technically you can read out the generator with mobilegestalt somehow
Cleaning up...
[exception]:
what=Device ApNonce does not match APTicket nonce
code=44498961
line=679
file=futurerestore.cpp
commit count=194:
commit sha =0ab9df3209ee599f581532d05d331e6abe0f53f3:
Done: restoring failed!
hashes are supposed to work like this though? that you can calculate the result but not the input
a9 and below can be fully cracked with unsigned via sha1 shenanigans
you can't calculate the input FROM the result
we already have the input
the generator
thats how hashes work
it isnt afaik
how long does the process take after extracting the filesystem?
just copy and paste cmd
depends on disk speed
oh after
i did this before and posted it above
yeah after
like 15-20 mins but can vary
ok
oh its showing progress now
just took a minute and now its happening pretty fast
has anyone tested Linux
@silent hollow and like I said that file is missing the main part of it
for
for what
seems to fail at "Device can't enter to restore mode"
retry
I did with different cable too
might have to uninstall usbmuxd and install libusb
in the log
I'm trying Windows now 
just compiled everything from luke's script, still getting that error. someone reported that using clang works, but wtf is clang? @valid adder
clang is a C/C++ compiler
how does one use clang
@zealous bridge screenshot log
verifying restore lets go
running sudo make
it kicks me off to normal mode when it says that
@zealous bridge you did the deps out of order
enter manually
manually enter then
try a different port
oh? tried to install liboffset but gave me an error that libinsn wasnt installed
libgeneral is the dependent of all tihmstar packages hence why it says retcustom not found @zealous bridge
so what should i do? Is there anything to do or im lost ?
my script is more what you want except you don't want to compile static @zealous bridge
can i just take a look at it for reference? just need to see deps and fixes
i can compile manually if need be
well, entering recovery works, just restore mode doesn't after sending iBEC
uhhh
it hasnt failed yet but should i be worried by
ERROR: TSS request failed (status=94, message=This device isn't eligible for the requested build.)<<<
if its not failed
you used unsigned SEP/BB probably
dont worry
ye it just finisheddd
ive seen it before
ye
@valid adder same error after compiling libgeneral
hey i'm currently trying to future restore and my blob file is a notepad file does anyone know if that will effect the process if i drag it into cmd to restore?
did you install them after building?
@zealous bridge then just use the precompiled one first with wikiproxy and see what goes wrong
damn its taking forever to boot up
@thorn lintel notepad has been deprecated since the early 2000's
@zealous bridge what device
a9
nah u need a mac for a9 afaik
fuck
@valid adder so what should i do now?
nothing u can do
no it doesnt matter
when did it download the update for it to recover from?
it didn't
its fixing userdata
it says attempting data recovery
yah but there was no point for it to download the update
so thats not what it is doing
just update to 14.4?
i have no access to anything on my phone rn
attempting data recovery is normal
aight bet
so then i do a normal restore via itunes? And is there a way to downgrade afterwards?
because there is no nonsetter right?
^ yes
shit happens thanks for your help ^^
i would honestly be fine waiting on 14.4
mhm
i was tired of 13.5 anyway
@zealous bridge so somehow the ipsw is corrupted ondevice asr verification failed
@zealous bridge taking some educated guesses here, but
if(key.generated == 1 && key.key_id == 0x8A3 && key.key_sz == 8 * kCCKeySizeAES128) {
    if(CCCrypt(kCCEncrypt, kCCAlgorithmAES128, 0, key.val, kCCKeySizeAES128, NULL, buf, sizeof(buf), buf, sizeof(buf), &out_sz) == kCCSuccess && out_sz == sizeof(buf)) {
        CC_SHA384(buf, sizeof(buf), entangled_nonce);
        ret = true;
    }
    break;
}
I see 'buf', looking back buf is
uint64_t buf[] = { 0, nonce };
so this is probably the generator
I see key 0x8A3
Generated by encrypting 0x568241656551e0cdf56ff84cc11a79ef with the UID-key (using AES-256-CBC). It is used during software upgrades on A12 and later to encrypt the "generator" value (using AES-128-CBC) before hashing it to become the nonce.
So it's fetching this encrypted generator or encrypting it itself, with this (again buf seems to be generator)
CCCrypt(kCCEncrypt, kCCAlgorithmAES128, 0, key.val, kCCKeySizeAES128, NULL, buf, sizeof(buf), buf, sizeof(buf), &out_sz
and then, it's doing
CC_SHA384(buf, sizeof(buf), entangled_nonce);
is this not the hashing of generator and nonce together?
This is why I thought dimentio is calculating, not fetching, the AP nonce. what you said a few weeks ago may have been correct: you cannot fetch ap nonce unless you're in recovery. dimentio is only calculating, which may be the reason it's in all caps as compared to futurerestore and blobsaver which fetch the ap nonce, and it's in lowercase—fetched is lowercase, calculated is uppercased
if this is wrong, can you show me what's actually going on then?
probably something went wrong while sending it
I bet everyone with usb problems trying this on shitty AMD platform computer
i used fr on an amd computer
@fast creek no we already fucking told u why
and amd is pretty good
Hey guys i'm kinda stuck
u dont listen to us
@lilac wren you're overcomplicating things
just follow
this is what i'm getting
the nonce is always present
it needs a nonce to check for ota updates and verify them with apple
No I'm attempting to read the source code lol, can you give me your interpretation of the code then
btw this is under the function/method called "entangle_nonce"
requesting them yeah
its only used for anti replay, doesn't matter about checking for update itself @zealous bridge
yeah i know thats not its primary function
this isn't the point lol, we were wondering when ap nonce is actually generated and set on device. dimentio cannot set this ap nonce obviously, otherwise there'd be no reason for a generator. When is the AP Nonce actually entangled and set by iOS? how does dimentio get this nonce then? I think it calculates, not forces iOS to entangle and set its ap nonce
but it does happen
i am now getting this
what are you suggesting then? what does that change?
how do they come up with all of this bullshit
we can assume the encryption happens in nvram
@lilac wren because the entanglement is hardware based, it calls the aes entangle function which calls the hardware aes func
that you can have a generator set with a different AP nonce currently set
you can't grab the hardware key
I'm gonna reinstall itunes
if we could calculate the apnonce from the generator nonce entangling would be pointless
its not madeup words
the whole point is this is all hardware based and nothing within it can be exploited, doesn't matter if the setting is delayed for 1 second or 10
ye ik
they mean what they mean
tf is a nonce
well easily exploited
a number that can be used once
In cryptography, a nonce is an arbitrary number that can be used just once in a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. They can also be useful as in...
@brisk leaf
by definition
yes its also a british curse word
who thinks of this shit tho
that too
@brisk leaf its most likely a latin, greek, or roman root word that is relating to math in some way
thats how language works
ig so
and thousands of ppl are paid to spend their entire day coming up wit this stuff
yes because the world could not currently operate without it @brisk leaf
true true
the infrastructure needs it, so people study it
still annoying how convoluted it is tho
not really, i've only started understanding iOS 5 years ago, doesn't take that long
however i've been jailbreaking for more than 10 years
5 years is a whole undergrad and a masters bruh
@lilac wren when the generator is set in nvram, the whole point of it is non-volatile RAM, it's meant to retain readily accessible information, yes you're right in the fact that the apnonce isnt used until restore, but the fact that it's there signifies that there is a safeguard against re-using signed tickets, because even if you have a generator set with a different apnonce, you wont be able to take advantage of it in any way
8th grade -> college
non volatile ram exists?
always has @brisk leaf
tf is education in the US
i probably seem really dumb lol
@green onyx a shit show, college is useless

high school is 9 10 11 and 12
im going to post-secondary.....
thats college/university/after k-12 education
@green onyx I was saying 5 years was between 8th grade and college
@lilac wren i think what you're trying to say is, that the apnonce isn't "set" as in it's not gonna be used until the actual apticket requesting happens. but it is de facto set, there's nothing you can do to exploit it
ah i see
so it changes nothing
as I understand it, you need your hardware keys to encrypt a constant in order to get your AES hardware specific key.
UID Key + 0x568241656551e0cdf56ff84cc11a79ef = AES Key 0x8A3
AES Key 0x8A3 + generator = pre-entanglement generator. what dimentio here does,
CCCrypt(kCCEncrypt, kCCAlgorithmAES128, 0, key.val, kCCKeySizeAES128, NULL, buf, sizeof(buf), buf, sizeof(buf), &out_sz
So, this CC_SHA384(buf, sizeof(buf), entangled_nonce); actually hashes to get your final entangled nonce.
We use SHA384 to hash, we cannot go from the final ap nonce back to pretangle generator or anything before. The hash is working correctly, we can calculate the result. but it's still possible to calculate
wouldnt that just be an ssd
I will say this @lilac wren: out of respect for the jailbreak community, you did a great job. I feel that this doesn't need to be posted on reddit or anything but here. But I, (among many others) do applaud you - and the testers for their efforts on getting the GUI looking/doing great! So thank you. Your tool does aid us in many ways and will be a great feature to have for the experienced and beginners alike.
Just wanted to chime in...
@lilac wren wait ur the one who made the gui?
yes but its raw data ram, an ssd would be a filesystem of data big difference @brisk leaf
only from hardware itself tho
thank you so fucking much
made it so much less painful
and an ssd is not ram, its not random
never said it needed to be exploited, just hypothesized that it was possible for a generator set with either no nonce or previous/wrong ap nonce
np it was fun
@brisk leaf
again, it might not be 'set' but no matter what you do that apnonce will generate
we can basically call it set
ah
lets fucking go ios 14.2
ota
yessirrr
so this ^ and this
dimentio doesnt hash anything
were incorrect or no am I still misunderstanding
this makes no sense why some devices sep panic but others load sep fine for 14.2 restore
aww this means a lot to hear it from you, glad we can both work together to help the community as a whole ❤️
was wrong about the hashing, but i'm not wrong about the apnonce being set after the generator is. you can technically say that if the apnonce isnt set then the generator isnt set either, since you can't use it
i literally don't even know what language dimentio is in, I assume obj c or something, and don't know how iOS works or anything, so I could be totally off
if that's how you want to refer to it as
ah so I think you're right here, AP Nonce is never actually set into iOS's filesystem or memory or anything. Only generated at recovery/ota/update
this is completely off topic but i just looked at the screen time widget for the first time on ios 14.2
and why tf does it track how long ive been on pornhub wtf
has it always done that??
probably lol, tho im guessing with enough info anyone could hash the generator into the apnonce
if you have the encryption method and hardware keys
this is what dimentio does though, but has to be done on device bc hardware keys
so it can never be "read from device" until it connects with apples servers
which is what blobsaver does i imagine
noncestats is shitty software
time to look at blobsaver source code
yep libimobile
what does that consist of then
how long would it take to try all combinations with dimentio
probably long bc it takes a few seconds iirc
Shh!! That was my next blob analyzer feature haha
blobsaver just gets nonce, it doesn't do what dimentio does
bruteforce apple haha
even 1 per second is extremely slow
Yeah :( what about multithreading though
bro there could be what 1 to the sixteenth power combos
Just spam like 100 at a time
doesn't work that way unless you have multiple devices
Ssh
it would take as long as cracking a fully randomised 16-digit password @celest basalt
you can't multithread when it has to wait for the system to set the generator and read out the apnonce
Ooh I see
internet speed too
so you have to break into the tatsu datacenter
and do it on a laptop
to go faster
just brute forcing apnonce/generator on device doesn't require internet though?
What about just faking generator in dimentio's hashing though
no probably not
yeh true
We have all hardware keys right so just change buf to 0x1111 + 1 every thread
But it's a cool project and one I was going to do nonetheless
u could open the blob
and check for generator
Can someone tell me how many combos there are for generator
1 to the sixteenth power
lots
actually longer bc generator is 16^16, just digits is 10^16
lol
nvm
1x1x1x1 XD
it's 16^16
16 to the sixteenth power yeah
yes
yep
yeah they dont believe me when i say it would take ages
damn unc0ver 6 is really unreliable
No, probably never going to work but I still want to try bc I was going to anyways
@lilac wren is it possible for frgui to open the blob
and check generator of blob
and set it as that?
What I was going to do
website?
Was going to ssh into device with frgui, use dimentio 0x111, try chimera's, and the blob's to see if it matches the ap nonce in the blob
why try chimera's
also odyssey default
Bc maybe some people saved blobs with odyssey's
Odyssey and chimera is the same I believe
0xbd34a880be0b53f3
heh well switched to normal computer and passed ibec error, but now stuck on Waiting for message from FDR
thats my apple id password poggers
@lilac wren how many guesses per second would you think you could achieve if you try to bruteforce the generator using hardware keys
lol
"Poggers" boom done
keep waiting
poggers as a pw is 200 milliseconds
lol
5 maybe? Haha I'll hope for more
poggers in a passphrase is smthn more tho
lol
it would be pointless on an A12+ device but it actually might be useful on A11
oh wait for A11 the algorithm is known already
nvm
5 with dimentio ssh, more if I can get dimentio's fake generator running after stealing hardware keys on their computer

heh whos gonna be alive to see the end of that bruteforce i wonder
wait on whos computer
the users?

Ngl this is much more intense than the Minecraft plug-ins I was making 3 weeks ago
the morality of doing that isnt very moral
Yeah, that's what I assumed. Probably depends their gpu or whatever
not like hes hacking into fort knox tho
Not paying for some super server for this
No 5 was on device with ssh
Definitely more if I can run dimentio on computer after stealing hardware keys
Oh yeah, all we need is to encrypt and entangle, we don't need to get all the keys
then you could embed into something which would try again after a failed attempt
No this is what would make it take ages, we need like 50 running concurrently regardless of the last attempt's result
well then gpu bottlenecking will be extreme
restoring to 14.2?
y from 13.5.1
i have
then why dont you restore to 14.3
Oh there's an issue, I only uh know java which is probably way too slow for this
Thought it is a bad unstable version
no
there’s a glitch about imessage notifications i think
on 14.3RC
14.3 is stable isn't it
Lol rip this guy, always read release notes
ahh my bad
14.3 is stable by definition and by usage
Literally before you download FR, in the assets, there's a text file that says "READ RELEASE NOTES" which say that 14.2 and below are half working
even if it is unstable 14.2 would be even more unstable
lol if it couldnt handle logs you think it would handle massive bruteforcing attempts
Lol time to learn cpp
I read this, but nevertheless, i wanted to try so
rip

rip your brain
yea i dont get it either

Lmho
"very unstable release"
any probs 14.3 have 14.2 will have as well lol
ama brainless last time
ty every1
np
success 14.3
god
nice
good
Well 14.2 almost worked but didn't wanna do the last push for me
If we did dimentio at 50 times a second, it would be done in 116988483 centuries
Assuming the last generator we try is correct, 0xFFFFFFFFFFFFFFFF
If we somehow managed to hash one hundred thousand times a second, it would only take 58494 centuries

why u guys gotta do this lol
Lol bc my great great great great great x 10000 grandchild can have a phone on 14.3
If we wanted it done in 48 hours, we'd need to entangle 106,751,991,167,300 times a second
why do i get an ibec error now
Lol did you install iTunes or something
help guys how 2 fix ibec /s
idk
lol my sister is blaming me for roblox jailbreak detection

lmao what
wait
roblox has jailbreak detection

lol
Lol that's dumb
and checkra1ns restore system button doesnt exist anymore
so
i have to flippin futurerestore
probably not but it doesnt come up for me
did u install cydia
yes
doesn't uncover rootfs for u even if ur checkra1n
Saw you have to reboot and rejailbreak, then open it immediately
I think, but unc0ver doesn't work on 14.4
^
Pretty sure unc0ver tries to remove substitute when restoring rootfs
Which doesnt exist on checkra1n
because it uses substrate
Substitute 2.0 works on checkra1n if you don't restore rootfs from u0 though
also restore system button exists for me but you can also just do snappy -o in terminal
Does that work with jailbreak detection tho?
depends, many of them check files in /var so a restore rootfs may not be enough
here's my FR log btw https://gist.github.com/nyuszika7h/bf83222fb7c82705d343071420afb598
is there a guide for future restoring on here?
trying to update my iphone x from ios 13.3 to ios 14
with blobs
search pinned messages
censoring UUID
I mean it probably doesn't matter that much but
im very new at this is it possible to upgrade to ios 14.3 from 13.6 if i do not have blobs saved
nah bro u need blobs
if they do have blobs, why not
Might have misread that
I've been trying to upgrade my iphone using future restore GUI which is a new tool posted in the subreddit yesterday but every time I get an error saying unable to restore device
any suggestions?
You can’t restore below 14.3 on A11 and higher
iPhone 7 is A10
So if I haven't saved blobs already there is no way for me to update to 14 with a jailbreak?
iPhone 8, 8+ and X are all A11
there is checkra1n but you won’t have Face ID or Apple Pay
rookie question but how do i get it to say my device n version next to my name
Or a passcode
Yeah no SEP protections
#bot-commands !adddevice [device name]
ohh thankyou
Dang ig I'll just chill on iOS 13 for now and update later when an iOS 14.4 JB comes out
do you think it’s worth taking the risk to upgrade to 14.2? or should i just wait for a 14.4 jb
what risk?
i don’t have 14.3 blobs and FR isn’t guaranteed to work on 14.2
ok? how is that a problem?
"Done: restoring succeeded!" using FR GUI on iPhone X with --update
it’s not like it’s the end of the world if it fails
damn it’s true i’ll try it out tmrw
you can just enjoy 13 for a while
theres no risk involved
either it works or it doesnt
if it fails would it not force me to go to 14.4?
so far iPhone 7 plus, iPhone X, and iPad Pro 10.5 wifi has worked with FR GUI
no
oh damn i heard some people say they had to go dfu and restore from itunes
if not i’ll attempt it tmrw thank you
that’s only if you mess up the command
just follow tutorial properly and you should be fine
ahh but i’m using the GUI i’m not good with the command line stuff
ok so even less risk
the only way you can fuck up is if you pull out the phone during the restore
or having a hebrew username on windows
ik but they said they didnt have blobs for higher than 14.0.1 so i just went with the consistent update versions
14.2 is a hit or miss anyway
SEP doesn’t like being restored on 14.2... lotta panics and non-responsive states... looks like an issue on apple’s side so I don’t think there will be a fix
@sacred estuary
Or that^
It sometimes works which baffles us
Like why does it work for some devices but not others
It makes no sense
Yeh you can’t really flash baseband on a WiFi iPad
You have to use latest sep
There’s no using other sep
Sep has to be from a signed iOS
This log was from before 14.4.1 existed
They are also the same sep
So it doesn’t matter anyway
The problem isn’t sep
It’s the kernel
Most likely
It doesn’t fatal fail until after file system is sent
Nvram is cleared
So have to set nonce again
If it fails there
But the funny thing is this fdr fail failed right before the nvram clear
Literally the step before
No boot loop until sending fildystem
File system*
Gtg
"Done: restoring succeeded!" iPhone SE (2016) using FR GUI with --update
congrats :)
Compiled dimentio, didn't edit its code (just wanted it to work). However it seems to be showing limited output. I ran as root, idk what the issue is. Regular dimentio works just fine
anyone willing to help
do you have libkrw installed
Yes
Regular dimentio is fine
I'll send entitlements one sec
It's the same as dimentio's so idk :/ https://github.com/0x7ff/dimentio/blob/main/tfp0.plist
is dimentio necessary if i am using unc0ver or odyssey jailbreak? or can i just set the generator (0x11**), run jailbreak and it's fine?
I would still use dimentio, unc0ver and Odyssey both have a broken nonce setter on the latest versions atm
any idea where i can grab the latest version and libkrw? im using odyssey on 13.5

